Hr Wcu General Security Awareness Training Ed01
Published in: Education, Technology
  • Speaker notes
    • Personal identity theft has been increasing at an alarming rate. Millions have been affected by ID theft and millions more will be. What can we do at WCU to help prevent the compromise of sensitive data? IT Security has begun a campaign to bring security awareness to the university's workforce, stressing the importance of using good computer and worksite security practices. In this presentation we'll talk about some of the simple, yet very important, things each of us can do to work more securely.
    • HIPAA: establishes national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. GLBA: the Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, the Safeguards Rule and the pretexting provisions. FERPA: the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
    • Downloading malware onto a university workstation that connects to our databases could compromise the security of the system. Other risks to the system:
      • Users who are not qualified to administer the system
      • Security patches not applied
      • Improper settings on the system or database
    • Types of malware:
      • Viruses
      • Spyware
      • Keyloggers
      • Backdoors
  • Transcript

    • 1. Video: educ_con_least or educ_con_avinfec
    • 2. WCU Security Awareness: Protecting Sensitive Information (Data Security). Western Carolina University
    • 3. Objectives
      • Why is security awareness and protecting sensitive information (data) so important?
      • What types of sensitive information should you watch for?
      • What areas of compliance do you need to know about?
      • How can sensitive information be compromised?
      • What can you do to protect sensitive information?
      • What are the consequences of a data breach at WCU?
      • What are University Policy #97 and the NC ITPA?
    • 4. What's So Important? Why should you care?
      • Universities hold massive quantities of personal, confidential data.
      • Universities are traditionally seen as easy targets for data theft.
      • Universities AND individuals can be held liable for non-compliance.
    • 5. Compliance
      • Universities are required to comply with federal and state laws and regulations regarding the way they use, transmit and store sensitive information, and to meet payment card industry contractual obligations:
        • HIPAA (federal law): Health Insurance Portability and Accountability Act (health data)
        • GLBA (federal law): Gramm-Leach-Bliley Act (financial data)
        • FERPA (federal law): Family Educational Rights and Privacy Act (education records)
        • NC ITPA (state statute): NC Identity Theft Protection Act (personal data, especially SSNs)
        • PCI Data Security Standards (federal law): payment card industry (MasterCard, VISA, American Express, etc.)
    • 6. Sensitive Information
      • Social Security number (SSN)
      • Credit/debit card numbers, bank account numbers, PINs
      • Driver's license and passport numbers
      • Personally identifiable health information
      • Personally identifiable student education records
      • Proprietary research data
      • Confidential/privileged legal data
      • Third-party confidential data that should not be shared with the public
      • Other confidential data (e.g., personnel records)
    • 7. Good Data Practice
      • If you don't need it, don't collect it
      • If you need it only once, don't save it
      • If you don't need to save it, dispose of it properly
      • If you have to save it, store it securely
      • If you have to transmit it, transmit it securely
      • Don't give out information without knowing the recipient and getting positive confirmation
    • 8. What to Do with Sensitive Information
      • If you don't need it for business purposes, don't collect it
      • If you do need to collect it, maintain it securely
      • If you need to share it, transmit it securely
    • 9. Sensitive Information Security Tips
      • Confidential data should NEVER be located on a web server
      • Use a secure WCU server (H: drive) to store confidential data. DO NOT maintain data on a local disk (C: drive)
      • Do not create or maintain "shadow data" (duplicate data); if you must maintain it, keep it on the H: drive
      • Encrypt confidential data whenever possible
      • Redact confidential data whenever possible (last four digits of an SSN, partial credit card numbers, etc.)
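One way to apply the redaction tip from slide 9 in code, as an added example that is not part of the WCU deck: it masks Social Security numbers to their last four digits and masks card numbers that pass the Luhn check, leaving other digit runs (order ids, phone numbers) alone. The regular expressions and the Luhn filter are my assumptions about what a match looks like, not anything the slides specify.

```python
import re

# Added example (not from the WCU slides): mask SSNs and payment card
# numbers in free text, keeping only the last four digits (slide 9 tip).
# The patterns below are assumptions about what a match looks like.

# 9 digits as 3-2-4 groups, with optional hyphen or space separators.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _redact_ssn(m):
    return f"***-**-{m.group(3)}"      # e.g. 123-45-6789 -> ***-**-6789


def _redact_card(m):
    raw = m.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_valid(digits):
        return raw                     # order ids etc.: leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def redact(text: str) -> str:
    """Cards first, so a masked card cannot later be mistaken for an SSN."""
    text = CARD_RE.sub(_redact_card, text)
    return SSN_RE.sub(_redact_ssn, text)


if __name__ == "__main__":
    # Constructed sample; 4111 1111 1111 1111 is a well-known test card number.
    sample = "SSN 123-45-6789, card 4111 1111 1111 1111, order 1234567890123"
    print(redact(sample))
    # -> SSN ***-**-6789, card ************1111, order 1234567890123
```

Run it over text before it is written to a shared drive or pasted into email; a 9-digit number with no separators is still treated as an SSN, which is the conservative choice for this kind of filter.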
    • 10. Identity Theft Video: educ_con_least
    • 11. Identity Theft
      • Approximately 10 million ID theft victims nationally per year (19 people per minute)
      • Identity theft is now passing drug trafficking as the number one crime in the nation, according to the Department of Justice
      • In NC, the number of identity theft crimes reported to the FTC jumped from 1,656 cases in 2001 to 5,830 in 2005
    • 12. How Is Information Stolen?
      • Phishing
      • Malware
      • Hacking
      • Unauthorized physical access to computing devices
      • Lost/stolen computing devices
      • Social engineering
      • Lost/stolen paper records
    • 13. Phishing Video: sec0601d.wmv
    • 14. Phishing
      • The practice of acquiring personal information on the Internet by masquerading as a trustworthy business
    • 15. Hacking Video: educ_con_hacker_ipodv.m4v
    • 16. Hacking
      • Unauthorized and/or illegal computer trespass executed remotely via some form of communication network (the Internet, a LAN or a dial-up network)
    • 17. Malware Video: sec0601h.wmv or educ_con_webris
    • 18. Malware
      • Usually installed onto a computer by downloading other programs such as screensavers, games, and "free" software
      • Trojans: malicious programs disguised as or embedded within legitimate software
    • 19. What Can Malware Do?
      • Capture and send sensitive information from your workstation to the hacker (key loggers)
      • Download other malware
      • Crash your workstation
      • Be used to perform attacks from inside WCU's network
    • 20. Steer Clear of Malware
      • Avoid using instant messaging and chat software
      • Avoid using peer-to-peer file sharing software
      • Don't download or install unauthorized programs
      • Keep your computer up to date with the latest antivirus definitions and security patches
    • 21. Unauthorized Physical Access to Computing Devices Video: sec0601p.wmv
    • 22. Unauthorized Physical Access to Computing Devices
      • Unsecured workstations, offices, desks, files
      • Unattended computing devices
    • 23. Securing Your Workstation
      • Log off or lock your workstation when you leave (CTRL-ALT-DEL)
      • Use a screensaver with a password enabled
      • Turn your computer off when you go home
    • 24. Practice a "Clean Desk" Policy
      • Don't leave confidential data unattended on your desk, fax, printers or copiers
      • Keep confidential data stored in a locked desk drawer or file cabinet
      • Shred confidential data for disposal (in compliance with the NC Records Retention and Disposition Schedule)
    • 25. Which Way Did It Go?
      • Licensed cab drivers in London reported that 4,973 laptops, 5,939 Pocket PCs, and 63,135 mobile phones were left in cabs over a six-month period.
    • 26. Lost/Stolen Computing Devices Video: educ_con_inconv
    • 27. Lost/Stolen Computing Devices
      • Laptops
      • PCs
      • BlackBerry/smart phones
      • PDAs
      • Removable memory devices (thumb drives, flash cards, etc.)
    • 28. Social Engineering Video: psa_gold.mp4
    • 29. Social Engineering
      • A hacker's favorite tool: the ability to extract information from computer users without having to touch a computer
      • Tricking people into giving out information is known as "social engineering" and is one of the greatest threats to data security
    • 30. Social Engineering (cont.)
      • Despite security controls, a university is vulnerable to an attack if an employee unwittingly gives away confidential data:
        • in an email,
        • by answering questions over the phone from someone they don't know,
        • by failing to ask the right questions.
    • 31. Password Security Video: sec0601g.wmv
    • 32. Password Security
      • NEVER GIVE YOUR PASSWORD TO ANYONE
      • Don't use the same password on multiple systems
      • Use a strong password (e.g., a combination of upper/lower case letters, numbers and special characters) on all your computer systems, and change them regularly
      • Avoid using the "auto complete" option to remember your password
      • Avoid storing passwords (e.g., "Check box to remember this password")
    • 33. Safe Email Practices
      • Don't open unscanned, unknown or unexpected email attachments
      • If you receive an email with a hyperlink, don't open it from the email; open a web browser and type the link in manually
      • Email is sent in plain text and should never be used to send confidential data
    • 34. Sensitive Information (Data) Breach Consequences
      • HIPAA (federal law): significant financial penalties per violation; imprisonment for intentional disclosure of protected health information
      • ITPA (North Carolina statute): a data security breach requires notification of affected persons, at a cost of up to $250,000 to be borne by the department
    • 35. Data Security Breach Consequences (cont.)
      • PCI
        • $500,000 per incident if there is a compromise on the network resulting in loss or theft of cardholder data, and the network was subsequently found to be non-compliant
        • $100,000 per incident if a merchant fails to immediately notify payment card companies of suspected or confirmed loss or theft of transaction information
    • 36. Data Security Breach Consequences (cont.)
      • GLBA: civil money penalties of up to $250,000 for individuals and $500,000 for organizations, and/or imprisonment for up to 5 years, for intentional fraudulent access to financial information
    • 37. State & University Policies for Data Security
      • University Policy #97: Data Security and Stewardship (http://www.wcu.edu/25380.asp)
      • NC Identity Theft Protection Act (ITPA): protects individuals from identity theft by mandating that businesses and government agencies safeguard Social Security numbers and other personal information (student data)
    • 38. If You Suspect a Problem
      • IMMEDIATELY notify your supervisor